UK mobile network Three accidentally revealed user data through a flaw in an online survey

The personal data of Three customers leaked online.
Getty Images Europe
Three, a major mobile phone network in the UK, accidentally revealed user data through a security flaw on one of its websites, The Register reports.

Security researcher Joseph Redfern found that entering any phone number into Three's survey site would expose the name and email address of the person it belongs to — meaning you could input a stranger's number and their contact details would be revealed.

The weird part about the security flaw is that the personal data wasn't actually used on the survey site once it was loaded on the web page.

Redfern says he informed Three customer support about the vulnerability, but never heard anything else from them. The next thing Redfern knew, the site had been taken offline, and Three's survey API was removed.

Three provided this statement to Business Insider about the flaw:

We take the security of our customers' information very seriously. We're aware of the issue and are currently investigating how it occurred, the extent to which customers may have been affected and what steps we need to take to ensure this doesn't happen again.